← back
CVE-2023-45852

CVE-2023-45852

EPSS 14.0%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 14.0%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
14 Oct 2023Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.htmlhttps://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md